Controlling mobile payment transactions based on risk scores for point-of-sale terminals determined from locations reported by mobile terminals

ABSTRACT

A method of performing operations on a processor of a mobile payment transaction processing system, includes receiving mobile payment messages from a point-of-sale (POS) terminal operated by a merchant performing mobile payment transactions with mobile terminals. Each of the mobile payment messages contains transaction information, a network address for the POS terminal, and a geographic location provided by the mobile terminal. A POS terminal risk score is generated based on similarity between the geographic locations provided by the mobile terminals contained in the mobile payment messages which also contain the network address for the POS terminal. Processing of another mobile payment message, which is received from the POS terminal performing another mobile payment transaction with another mobile terminal subsequent to the generating of the POS terminal risk score, is controlled based on the POS terminal risk score and transaction information contained in the another mobile payment message. Related computer nodes of mobile payment transaction processing systems are disclosed.

BACKGROUND

The present disclosure relates to mobile payment transaction processingsystems.

Financial transactions relating to purchasing goods and services arepredominately paid for using credit accounts and debit accounts that anaccount owner accesses through associated credit cards and debit cards.Financial transaction processing systems provide verification processesthat allow merchants to verify that account information is valid and theaccount owner has sufficient credit or debit funds to cover thepurchase.

When a purchaser having a physical credit card is located at themerchant's facility, the merchant has been responsible forauthenticating that the purchaser is the credit card owner by, forexample, comparing the purchaser's signature to an existing signature onthe credit card and/or examining a picture ID of the purchaser. Incontrast, mobile payment systems have emerged that eliminate the use ofphysical credit cards by allowing purchasers to wirelessly communicateinformation from their mobile terminals through short-rangecommunication interfaces to merchants' point-of-sale (POS) terminals.The POS terminals are typically mounted to check-out counters or aretransportable to purchasers. An application on the mobile terminalqueries a user to enter a correct personal identification number (PIN)or password in order to trigger the mobile terminal to communicatemobile payment information through a Near Field Communication (NFC) linkor another radio frequency, magnetic, or other communication link to thePOS terminal for authorization and further processing by a financialtransaction processing system.

Although the security of mobile payment systems is an improvement overuse of physical credit cards, security weakness still exist due to, forexample, the ability for sophisticated fraudsters to operate POSterminals in a way that fraudulent emulates presence of a mobileterminal operated by an account owner.

SUMMARY

A method of performing operations on a processor of a mobile paymenttransaction processing system, includes receiving mobile paymentmessages from a point-of-sale (POS) terminal operated by a merchantperforming mobile payment transactions with mobile terminals. Each ofthe mobile payment messages contains transaction information, a networkaddress for the POS terminal, and a geographic location provided by themobile terminal. A POS terminal risk score is generated based onsimilarity between the geographic locations provided by the mobileterminals contained in the mobile payment messages which also containthe network address for the POS terminal. Processing of another mobilepayment message, which is received from the POS terminal performinganother mobile payment transaction with another mobile terminalsubsequent to the generating of the POS terminal risk score, iscontrolled based on the POS terminal risk score and transactioninformation contained in the another mobile payment message.

Some other embodiments disclosed herein are directed to a computer nodeof a mobile payment transaction processing system that includes aprocessor and a memory. The memory is coupled to the processor andincludes computer readable program code that when executed by theprocessor causes the processor to perform operations. The operationsinclude receiving mobile payment messages from a POS terminal operatedby a merchant performing mobile payment transactions with mobileterminals. Each of the mobile payment messages contains transactioninformation, a network address for the PUS terminal, and a geographiclocation provided by the mobile terminal. The operations further includegenerating a POS terminal risk score based on similarity between thegeographic locations provided by the mobile terminals contained in themobile payment messages which also contain the network address for thePOS terminal. The operations further include controlling processing ofanother mobile payment message, which is received from the POS terminalperforming another mobile payment transaction with another mobileterminal subsequent to the generating of the POS terminal risk score,based on the POS terminal risk score and transaction informationcontained in the another mobile payment message.

Other methods, computer nodes of mobile payment transaction processingsystems, and computer program products according to embodiments will beor become apparent to one with skill in the art upon review of thefollowing drawings and detailed description. It is intended that allsuch additional methods, computer nodes of mobile payment transactionprocessing systems, and computer program products be included withinthis description and protected by the accompanying claims.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the present disclosure are illustrated by way of example andare not limited by the accompanying drawings. In the drawings:

FIG. 1 is a block diagram of a mobile payment transaction processingsystem that can include an authorization control node that controlswhich mobile payment transactions from point-of-sale (POS) terminals areauthorized and/or can include an authentication gateway node thatcontrols which mobile payment transactions from the POS terminals areselected for authentication by an authentication node, in accordancewith some embodiments;

FIGS. 2-6 are flowcharts that illustrate operations that may beperformed by an authorization control node and/or by an authenticationgateway node in accordance with some embodiments; and

FIG. 7 is a block diagram of a computer system that may be incorporatedinto the authorization control node and/or the authentication gatewaynode of FIG. 1 in accordance with some embodiments.

DETAILED DESCRIPTION

Various embodiments will be described more fully hereinafter withreference to the accompanying drawings. Other embodiments may take manydifferent forms and should not be construed as limited to theembodiments set forth herein. Like numbers refer to like elementsthroughout.

The rate of fraud occurring with mobile payment transaction is expectedto continue to increase with the sophistication of fraudsters andsecurity weaknesses introduced by the increasing number of various typesof mobile terminals that are used to conduct mobile payment transaction.As used herein, mobile terminals can include, but are not limited tosmart phones, tablet computers, laptop computers, etc. Reliance on amobile terminal identifier and/or a PIN or a password associated with aneCommerce transaction may not be sufficient to prevent fraud in view ofthe ability of sophisticated fraudsters to operate POS terminals in away that fraudulent emulates presence of a mobile terminal operated byan account owner. Various embodiments of the present disclosure providean extra level of security to identify such fraudulent mobile paymenttransactions.

FIG. 1 is a block diagram of a mobile payment transaction processingsystem that can include an authorization control node 150 that controlswhich mobile payment transactions from merchant POS terminals 120 areauthorized and/or can include an authentication gateway node 100 thatcontrols which mobile payment transactions from the POS terminals 120are selected for authentication by an authentication node 130, inaccordance with some embodiments. FIGS. 2-6 are flowcharts thatillustrate operations that may be performed by the authorization controlnode 150 and/or by the authentication gateway node 100 in accordancewith some embodiments.

Referring to FIG. 1, a POS terminal 120 can be expected to have a samelocation or substantially the same location over a defined timeduration, such as when the POS terminal 120 is mounted to a merchant'scheck-out counter or is transported to purchasers located within themerchant's facility. Some embodiments of the present system are directedto determining a risk score for the POS terminal 120 based on itsgeographic location. These embodiments learn over time the geographiclocation of the POS terminal 120 based on geographic locations that arereported by mobile terminals that are performing mobile paymenttransactions with the POS terminal 120. Because mobile paymenttransactions involve communications over very short ranges, the reportedlocations of the mobile terminals correspond to that of the POS terminal120.

In some further embodiments, the risk score for the POS terminal 120 isgenerated based on similarity between the geographic locations reportedby the mobile terminals, consistency of the geographic locations over adefined threshold time, and/or presence of the geographic locationsbeing within a geo-fence region in which the merchant is expected tooperate. The risk score may be generated based on whether the geographiclocations reported by the mobile terminals are within a region definedby a business address, zip code, telephone area code, and/or otherinformation defining a location of the merchant which has beenregistered with or is obtainable by the system.

The system stores the risk score for the POS terminal 120 logicallyassociated with a network address of the POS terminal 120, so that therisk score can be retrieved in the future when a mobile payment messageis received it does not contain a geographic location reported by themobile terminal. The network address of the POS terminal 120 may be anyidentifier which the system can use to communicate with the POS terminal120. In this manner, a geographic location-based risk score for a POSterminal 120 can be determined for use in controlling processing of amobile payment message, even when the mobile terminal involved in notconfigured to determine and/or report its present geographic location aspart of a mobile payment transaction and/or is not capable ofdetermining its geographic location because of absence or insufficiencyof necessary positioning signaling.

During a mobile payment transaction between a mobile terminal 110 andthe POS terminal 120 operated by the merchant, the mobile terminal 110reports its geographic location to the POS terminal 120. The POSterminal 120 generates a mobile payment message which containstransaction information, a network address for the POS terminal 120, andthe geographic location provided by the mobile terminal 110.

The mobile payment transaction may be based on Google Wallet, Apple Pay,and/or another mobile payment transaction protocol. In accordance withthe Apple Pay protocol, the user terminal 110 may communicate to the POSterminal 120 a transaction token that is a proxy for the credit cardnumber and is generated to be unique to the particular POS terminal 120.The transaction token may include a Device Account Number (DAN) whichidentifies the mobile terminal 110 and a device specific dynamicsecurity code which is generated by an application executed by themobile terminal 110 which communicates through a NFC link or anotherradio frequency, magnetic, or other communication link with anotherapplication executed by the POS terminal 120. The device specificdynamic security code may be a crytogram.

In accordance with various present embodiments, the user terminal 110also communicates information identifying its present geographiclocation. The user terminal 110 may determine its location based on aglobal position system (GPS) signals received by a GPS receiver circuit,by triangulation of cellular signals received from cellular radiotransceiver base stations having known geographic locations, by use of ageographic location of the mobile terminal 110 received from a cellularradio transceiver base station; and/or by use of a known geographiclocation of a stationary wireless access point (e.g., WIFI access point,Bluetooth device, etc.) that is identified as being within communicationrange of a wireless transceiver within the mobile terminal 110.

The mobile payment message is communicated to a computer node of themobile payment transaction processing system. As will be explained infurther detail below, the computer node may be the authorization controlnode 150, the authentication gateway node 100, and/or another nodenetworked to the POS terminal 120. Although the system of FIG. 1illustrates a single POS terminal 120 for simplicity of illustration, itis to be understood that the mobile payment transaction processingsystem may communicate within any number of POS terminals operated byany number of merchants.

Referring to FIGS. 1 and 2, over time the computer node receives (block200) mobile payment messages from the POS terminal 120 arising from aseries of mobile payment transactions with mobile terminals 110 operatedby purchasers (e.g., a line of purchasers sequentially processed at acheck-out counter). Each of the mobile payment messages containstransaction information, a network address for the POS terminal 120, anda geographic location provided by the mobile terminal. The computer nodegenerates (block 202) a risk score of the POS terminal 120, referred toas a POS terminal risk shore, based on similarity between the geographiclocations provided by mobile terminals contained in the mobile paymentmessages which also contain the network address for the POS terminal.The computer node controls (block 204) processing of another mobilepayment message, which is received from the POS terminal 120 performinganother mobile payment transaction with another mobile terminal 110′subsequent to the generating of the POS terminal risk score, based onthe POS terminal risk score and transaction information contained in theanother mobile payment message.

In one embodiment of FIG. 1, the computer node is the authorizationcontrol node 150. The mobile payment messages are communicated throughan acquirer node 122, which may correspond to the merchant's bankserver. The acquirer node 122 routes the mobile payment messages to acredit issuer node 140, which may correspond to the card issuing bankserver such as a Visa or other card server via VisaNet, BankNet, etc.The credit issuer node 140 provides the mobile payment messages to theauthorization control node 150 which generates the POS terminal riskscore. Generation of an authorization decision for the mobile paymenttransaction can be controlled based on the POS terminal risk score andbased on whether an account identified based on the transactioninformation has a sufficient credit limit and/or existing funds to coverthe amount of the mobile payment transaction.

In the embodiment of FIG. 3, the authorization control node 150 and/orthe credit issuer node 140 generates (block 300) a transaction riskscore based on content of the transaction information comprising anamount of a mobile payment transaction and information which is used toidentify a financial account to be charged for the transaction. Theauthorization control node 150 may further generate (block 302) the POSterminal risk score based on feedback from the credit issuer node 140indicating how many of the mobile payment transactions corresponding tothe mobile payment messages were authorized. For example, the POSterminal risk score may be generated to indicate a higher risk when acorresponding greater number of transactions arising from the POSterminal 120 are not authorized. In contrast, the POS terminal riskscore may be generated to indicate a lower risk when a correspondinglower number of transactions arising from the POS terminal 120 areauthorized. The authorization control node 150 in conjunction with thecredit issuer node 140 can then control (block 304) authorization of themobile payment transaction based on the POS terminal risk score and thetransaction risk score.

The credit issuer node 140 communicates its authorization decision tothe acquirer node 122, which communicates an authorization decision tothe POS terminal 120 that controls the POS terminal 120 to selectivelyallow or deny completion of the mobile payment transaction with thepurchaser.

The authentication gateway node 100 can include a risk score generator154 that generates the POS terminal risk scores in accordance with oneor more embodiments herein, and a repository 152 in memory that storesthe POS terminal risk scores with a logical association with (e.g.,mapped to) the network addresses for a plurality of different POSterminals. As mobile payment messages are received over time from aplurality of different POS terminals 120, the risk score generator 154can generate new risk scores for POS terminals which don't yet have arisk score in the repository 150, and can retrieve and/or update riskscores for other POS terminals that have risk scores in the repository150. For example, responsive to receiving (block 200) the mobile paymentmessages, the risk score generator 154 can store in the repository 152the generated (block 202) POS terminal risk score logically associatedwith the network address for the POS terminal 120.

In one embodiment, network address for the POS terminal 120 may be acellular radio transceiver base station identifier for a base stationwhich is presently providing cellular communication services for the POSterminal 120. In another embodiment, the network address includes atleast a portion of a network routing path of a mobile payment messagefor communication from the POS terminal 120 to a system node. Thenetwork address may correspond to a source address of the mobile paymentmessage from the POS terminal 120.

The stored POS terminal risk scores can then be used to determine therisk associated with a network address of a POS terminal contained in amobile payment message without requiring that the mobile payment messagealso contain a geographic location provided by the mobile terminal.Indeed, not all mobile terminals may be configured to determine theirpresent geographic location, may not be presently capable of determiningits geographic location because, for example, necessary positioningsignaling (e.g., GPS signals) are presently unavailable, and/or may notbe configured to communicate its geographic location to the POS terminal120 as part of a mobile payment transaction.

Responsive to subsequently receiving another mobile payment message fromthe POS terminal 120, the risk score generator 154 retrieves the POSterminal risk score of the POS terminal 120 from the repository 152based on the network address for the POS terminal 120 contained in theanother mobile payment message, and communicates with the credit issuernode 140 to control (block 204) its selective authorization of theanother mobile payment message based on the POS terminal risk scoreretrieved from the repository 152. Thus, the another mobile paymentmessage does not need to contain a geographic location provided by theanother mobile terminal, because the risk score generator 154 retrievesthe risk score from the repository 154 using the network address of thePOS terminal 120 contained in the another mobile payment message.Authentication and/or other processing of the another mobile paymentmessage can therefore be controlled based on the POS terminal risk scoreretrieved from the repository 152 and the transaction informationcontained in the another mobile payment message.

Although the authorization control node 150 is shown as being separatefrom the credit issuer node 140 and the acquirer node 122, in someembodiments the authorization control node 150 is incorporated into thecredit issuer node 140 and/or the acquirer node 122 so that at leastsome of the operations disclosed herein as being performed by theauthorization control node 150 are performed within the credit issuernode 140 and/or the acquirer node 122.

Further operations that may be performed by the authorization controlnode 150 in conjunction with the credit issuer node 140 are illustratedin the flowchart of FIG. 5. The risk score for the POS terminal 120 canbe generated based on similarity between the geographic locationsreported by the mobile terminals, based on consistency of the geographiclocations over a defined threshold time, and/or based on presence of thegeographic locations being within a geo-fence region in which themerchant is expected to operate.

Referring to FIG. 5, the authorization control node 150 can generate(block 500) the POS terminal risk score based on a number of the mobilepayment messages that contain the network address for the POS terminaland further contain geographic locations provided by the mobileterminals 110 that are within a threshold geographic proximity of eachother. The authorization control node 150 and/or the credit issuer node140 can generate (block 502) the transaction risk score based on contentof the transaction information, including based on an amount of themobile payment transaction and information which is used to identify afinancial account be charged for the transaction.

The node 150/140 determines (block 504) whether the number of the mobilepayment messages that contain the network address for the POS terminaland further contain geographic locations provided by the mobileterminals 110 that are within a threshold geographic proximity of eachother, exceeds a plural threshold number. If it exceeds, the POSterminal risk score is generated (block 506) to indicate a first risklevel for the POS terminal 110, and the node 150/140 authorizes (block508) the mobile payment transaction based on a combination of the firstrisk level been generated for the POS terminal 110 and the transactionrisk score. In sharp contrast, if the number does not exceed thethreshold number, the POS terminal risk score is generated (block 510)to indicate a second risk level, which corresponds to a higher risk offraud, for the POS terminal 110, and the node 150/140 declines (block512) the mobile payment transaction based on a combination of the secondPOS terminal risk score being generated for the POS terminal 110 and thetransaction risk score.

Consequently, given the same transaction risk score, the mobile paymenttransaction is either authorized or denied depending upon whether thenumber of the mobile payment messages that contain the network addressfor the POS terminal and further contain geographic locations providedby the mobile terminals 110 that are within a threshold geographicproximity of each other, exceeds a plural threshold number.

The POS terminal risk score may be generated based on how many differentmobile terminals have reported locations during mobile paymenttransactions through the PUS terminal 120. The POS terminal 120 may bedetermined to have a lower risk score when it has been used with morethan a threshold number of different mobile terminals, which canindicate a lower likelihood of fraudulent use. In one embodiment, eachof the mobile payment messages further contains a mobile terminalidentifier. The POS terminal risk score is generated based on a numberof the mobile payment messages that contain the network address for thePOS terminal 120 and further contain geographic locations provided bythe mobile terminals that are within a threshold geographic proximity ofeach other. The POS terminal risk score is further generated based onhow many of the number of the mobile payment messages contain mobileterminal identifiers that are different from each other.

In a further embodiment, the POS terminal risk score is generated toindicate a lower level of risk for the POS terminal 120 baseddetermining that the number of the mobile payment messages containingmobile terminal identifiers that are different from each other exceeds adefined threshold number. In contrast, the POS terminal risk score isgenerated to indicate a higher level of risk for the POS terminal 120based determining that the number of the mobile payment messagescontaining mobile terminal identifiers that are different from eachother does not exceed the defined threshold number.

Because of the prevalence of fraud occurring in eCommerce and othercard-not-present financial transactions, where merchants do nottypically authenticate purchasers using picture IDs, electronicauthentication processes have been introduced to authenticatepurchasers. Electronic authentication processes can be performed by anauthentication node 130 to attempt to confirm that the purchaser is anaccount owner or is otherwise authorized by the account owner. Someother embodiments of the present disclosure are directed to the computernode which generates the POS terminal risk score being within theauthentication gateway node 100. The authentication gateway node 100uses the POS terminal risk score to control whether authentication isperformed on a purchaser who is operating the mobile terminal 110.

If the POS terminal 120 is registered for use of electronicauthentication processes, the POS terminal 120 generates a mobilepayment message containing transaction information, a network addressfor the POS terminal 120, and a geographic location provided by themobile terminal. The transaction information can include the informationdescribed above and/or one may include any one or more of a mobileterminal identifier for the mobile terminal 110, an account number(e.g., credit/debit card number), expiration date for the card,Verification value (e.g., CVV), cardholder's name, the cardholder's homeaddress, geographic location of the mobile terminal, identifier for themerchant node 120, time of transaction, and date of transaction. Themobile terminal identifier for the mobile terminal 110 uniquelyidentifies the mobile terminal, such as by a telephone number of themobile terminal, a International Mobile Subscriber Identity of themobile terminal, and/or an identifier assigned to the mobile terminal110 by an application executed by the mobile terminal 110 or stored onthe mobile terminal 110 during account setup/maintenance with the issuernode 140 and/or the merchant node 120. The mobile terminal identifiermay be communicated from the mobile terminal 110 to the POS terminal 120or may determined by the POS terminal 120 or another system componentand included in the mobile payment message.

The POS terminal 120 communicates the mobile payment message toward theauthentication node 130 for authentication processing to authenticatethe purchaser. The POS terminal 120 may communicate the mobile paymentmessage using a software plug-in provided by a provider of theauthentication node 130. Authentication of the purchaser can includedetermining whether the purchaser possesses secret information thatshould only be known to the account owner or another person who has beenauthorized by the account owner to make purchases using the account.

An authentication gateway node 100 is disclosed herein that uses the POSterminal risk score to control which mobile payment messages from thePOS terminal 120 cause authentication of purchasers. The authenticationgateway node 100 may also generate based on the POS terminal risk scorea credit account warning message which notifies the credit issuer node140 that an account owner should be contacted and/or that privilegeswith an account should be halted/frozen or otherwise modified.

The authentication gateway node 100 may intercept or otherwise receivethe mobile payment message from the POS terminal 120 and determinewhether authentication will be performed by the authentication node 130.The authentication gateway node 100 may, for example, selectively eitherroute the mobile payment message to the authentication node 130 forauthentication or respond to the POS terminal 120 without authenticationby the authentication node 130 (e.g., some mobile payment messagesbypass the authentication node 130). Alternatively, the authenticationgateway node 100 may mark the mobile payment messages to indicatewhether they are to be authenticated by the authentication node 130(e.g., all mobile payment messages flow through the authentication node130 but only some cause authentication). These and other operations bythe authentication gateway node 100 are described in further detailbelow.

Pursuant to one type of authentication process, the authentication node130 communicates an authentication challenge message to the mobileterminal 110 and/or to the POS terminal 120 which requires the purchaserto enter a security code to complete the purchase. The entered securitycode is returned to the authentication node 130 in a response message.The security code may be a password, personal identification number(PIN), electronic security token, or other secret information known tothe account owner.

The authentication node 130 can compare the security code to an expectedcode, and apply one or more rules which may be defined by the cardissuing bank (referred to more generally as the credit/debit financeissuer node 140 below) to generate an authentication response (e.g.,authentication response code) that indicates an outcome of theauthentication process.

One type of authentication process is known as a 3-D Secure protocolthat can be performed by the authentication node 130 operating as a 3-DSecure authentication server. The 3-D Secure protocol was developed byfinancial card associations, including Visa and MasterCard, and hasbecome an industry standard. The protocol uses XML messages sent oversecure socket layer (SSL) connections between the mobile terminal 110 orthe POS terminal 120 and the authentication node 130, which an also bereferred to as an access control server (ACS). The authenticationchallenge can be presented through the mobile terminal 110 to thepurchaser within the same web browser window as an in-line session(referred to as an inframe authentication session) or can be presentedin a separate window (e.g., pop-up window).

An advantage to merchants of using purchaser authentication is areduction in “unauthorized transaction” chargebacks. A disadvantage tomerchants is that they pay a software setup fee, monthly fee, andper-authentication fee for use of the 3-D Secure access control serverprovided by the authentication node 130. Moreover, 3-D Secure operationcan be complicated and create transaction failures.

For these and other reasons, some embodiments disclosed herein aredirected to the authentication gateway node 100 containing a risk scoregenerator 104 and a repository 102 of POS terminal risk scores andnetwork addresses. The generator 104 may operate as described herein forthe generator 154. Similarly, the repository 102 may operate asdescribed above for the repository 152. The authentication gateway node100 generates a POS terminal risk score based on similarity between thegeographic locations provided by the mobile terminals contained in themobile payment messages which also contain the network address for thePOS terminal 120, and may further generate the POS terminal risk scorebased on one or more of the other embodiments described herein. Theauthentication gateway node 100 controls which mobile payment messagestrigger authentication based on the POS terminal risk scores.

The authentication gateway node 100 can be configured to operate onmobile payment messages in-flight before being delivered to theauthentication node 130, and control, based on the risk scores, which ofthe mobile payment messages are processed by the authentication node 130for authentication of purchasers and generation of authenticationresponses based on the outcomes of the authentication.

In one embodiment, only mobile payment messages having POS terminal riskscores that satisfy a defined rule are provided to the authenticationnode 130 for authentication processing and generation of theauthentication responses based on the authentication processing, whileother mobile payment messages (having POS terminal risk scores that donot satisfy the defined rule) bypass authentication processing by theauthentication node 130. When bypassing authentication processing by theauthentication node 130, the authentication gateway node 100 maygenerate an authentication response based on the POS terminal risk score(e.g., generate an authentication response indicating that the purchaserwas properly authenticated) and communicate the authentication responseto the POS terminal 120 as if it had originated from the authenticationnode 130. When the authentication response is generated by theauthentication gateway node 100, it may contain the same or similarcontent to an authentication response generated by the authenticationnode 130 so that the POS terminal 120 is not aware that theauthentication response was generated without authentication of thepurchaser being performed by the authentication node 130.

When selectively providing the mobile payment message to theauthentication node 130, the authentication gateway node 100 mayselectively mark the mobile payment message to indicate whetherauthentication of the purchaser by the authentication node 130 isrequested based on whether the POS terminal risk score satisfies adefined rule. The authentication gateway node 130 then performsauthentication processing (e.g., providing authentication challenges topurchasers) for only the mobile payment messages that are marked forauthentication. The authentication gateway node 130 can then generatethe authentication responses based on a result of the authenticationprocessing when performed, or based on the POS terminal risk score whenauthentication processing is not performed.

In another embodiment, when selectively providing the mobile paymentmessage to the authentication node 130, the authentication gateway node100 selectively routes the mobile payment message to the authenticationnode 130 for authentication of the purchaser based on whether the riskscore satisfies a defined rule. Accordingly, the authentication node 130performs purchaser authentication processes for each mobile paymentmessage that it receives, however the authentication node 130 onlyreceives mobile payment messages having risk scores that theauthentication gateway node 100 determined to satisfy a defined rule(e.g., having a POS terminal risk score that exceeds a threshold levelor alternatively that does not exceed a threshold level).

In another embodiment, the authentication node 130 can include some orall of the functionality described herein of the authentication gatewaynode 100. The authentication node 130 can receive all mobile paymentmessages, but selectively generate an authentication challenge to theuser equipment 110 and/or the POS terminal 120 (FIG. 1) to authenticatethe purchaser only for mobile payment messages having POS terminal riskscores that satisfy a defined rule.

Depending upon the POS terminal risk score, the authentication gatewaynode 100 may generate a credit account warning message which notifiesthe credit issuer node 140 that the account owner should be contactedand/or that privileges with an account should be halted/frozen orotherwise modified.

Although the authentication gateway node 100 is shown as being separatefrom the authentication node 130, in some embodiments the authenticationgateway node 100 is incorporated into the authentication node 130 sothat at least some of the operations disclosed herein as being performedby the authentication gateway node 100 are performed within theauthentication node 130.

The authentication response (e.g., 3-D Secure authentication responsecode) can be generated by the authentication node 130, based onauthentication processes performed with the purchaser and/or may begenerated by the authentication gateway node 100 based on the POSterminal risk score (e.g., without authentication processing by theauthentication node 130) and provided to the POS terminal 120. The POSterminal 120 receives the authentication response and may deny thetransaction based on content of the authentication response (e.g., basedon the risk score generated by the authentication gateway node 100and/or based on the result of authentication processes by theauthentication node). The POS terminal 120 can initiate verification ofthe transaction by communicating to a credit/debit finance issuer node140, via an acquirer node 122 (e.g., merchant's bank), theauthentication response and content of the eCommerce authenticationrequest (e.g., cardholder information, other content of an eCommerceauthentication request disclosed herein, etc).

The acquirer node 122 routes the authentication response and the contentof the eCommerce authentication request to a credit/debit finance issuernode 140 (e.g., card issuing bank server such as a Visa or other cardserver via VisaNet, BankNet, etc.). The credit/debit finance issuer node140 generates an authorization decision based on whether the accountnumber has a sufficient credit limit and/or existing funds to cover theamount of the financial transaction, and can further generate theauthorization decision based on the authentication response from theauthentication node 130 and/or the authentication gateway node 100.

The credit/debit finance issuer node 140 communicates its authorizationdecision to the acquirer node 122, which communicates an authorizationdecision to the POS terminal 120. The POS terminal 120 decides whetherto complete the transaction with the purchaser or to deny thetransaction based on the authorization decision from the acquirer node122.

Further example operations by the authentication gateway node 100 areexplained below with regard to FIGS. 4 and 6.

Referring to FIG. 4, the authentication gateway node 100, via the riskscore generator 104, can generate (block 400) a POS terminal risk scorefor the POS terminal 120. The POS terminal risk score can be generatedbased on a number of the mobile payment messages received from mobileterminals which contain the network address for the POS terminal 120 andwhich further contain geographic locations provided by the mobileterminals that are within a threshold geographic proximity of eachother. The POS terminal risk score can further be generated based onfeedback from authentication node 130 indicating how many of the mobilepayment messages, which were received from the POS terminal 120, hadpurchaser's who provided to the authentication node 130 correctresponses to authentication challenges. The POS terminal risk score canindicate a lower risk of fraud occurring through the POS terminal 120responsive to determining that at least a threshold number of mobilepayment messages received through the POS terminal 120 have beenproperly authenticated.

The authentication gateway node 100 can then control whether anothermobile payment message, which is received after generating the POSterminal risk score, is forwarded to the authentication node 130. Moreparticularly, the gateway node 100 can control (block 402) based on thePOS terminal risk score whether the authentication node 130 communicatesan authentication challenge to a purchaser via the mobile terminal beingoperated by the purchaser and/or via the POS terminal 120 being operatedby the purchaser.

The gateway node 100 can also generate (block 502) the transaction riskscore based on content of the transaction information which includes anamount of the mobile payment transaction and information which is usedto identify a financial account to be charged for the transaction. Thegateway node 100 then controls, based on the POS terminal risk score andthe transaction risk score, whether the authentication node communicatesthe authentication challenge to the purchaser who is operating themobile terminal to perform the mobile payment transaction.

Referring to the further embodiment of FIG. 6, the authenticationgateway node 100 can determine (block 600) whether a plural thresholdnumber of the mobile payment messages contain the network address forthe POS terminal 120 and further contain geographic locations providedby the mobile terminals that are within a threshold geographic proximityof each other. If the determination is satisfied, the gateway node 100generates (block 602) the POS terminal risk score to indicate a firstrisk level for the POS terminal 120 and, based on the first risk level,precludes (block 604) communication of the mobile payment message to theauthentication node 130 to prevent authentication of the purchaser whois operating the mobile terminal to perform the mobile paymenttransaction. In sharp contrast, when the determination is not satisfied,the gateway node 100 generates (block 606) the POS terminal risk scoreis to indicate a second risk level, which corresponds to a higher riskof fraud, for the POS terminal 120. Based on the second risk level, thegateway node 100 communicates (block 608) the mobile payment message tothe authentication node 130 for authentication of a purchaser who isoperating the mobile terminal to perform the mobile payment transaction.As explained above, the authentication node 130 may authenticate thepurchaser by communicating an authentication challenge to the mobileterminal 110 being operated by the purchaser and/or to the POS terminal120 being operated by the purchaser, to request entry of a PIN and/or apassword. The PIN and/or password is provided as a response to theauthentication node 130, which is checked against an expected responseto authenticate whether the purchaser is the account owner. Anauthentication response can be provided to the POS terminal 120 and/orto the credit issuer node 140 to indicate whether the mobile paymenttransaction should be authorized and/or, more generally, has anacceptable level of risk.

FIG. 7 is a block diagram of a computer node 700 that may be used as theauthorization control node 156 and/or as the authentication gateway node100 to perform the operations of one of more of the embodimentsdisclosed herein for one or more of those nodes. The computer node 700may be used as any one or more other elements of the mobile paymentprocessing system shown in FIG. 1. The computer node 700 can include oneor more network interface circuits 730, one or more processor circuits710 (referred to as “processor” for brevity), and one or more memorycircuits 720 (referred to as “memory” for brevity) containing programcode 722.

The processor 710 may include one or more data processing circuits, suchas a general purpose and/or special purpose processor (e.g.,microprocessor and/or digital signal processor) that may be collocatedor distributed across one or more networks. The processor 710 isconfigured to execute program code 722 in the memory 720, describedbelow as a computer readable storage medium, to perform some or all ofthe operations for one or more of the embodiments disclosed herein.

Further Definitions and Embodiments

In the above-description of various embodiments of the presentdisclosure, aspects of the present disclosure may be illustrated anddescribed herein in any of a number of patentable classes or contextsincluding any new and useful process, machine, manufacture, orcomposition of matter, or any new and useful improvement thereof.Accordingly, aspects of the present disclosure may be implemented inentirely hardware, entirely software (including firmware, residentsoftware, micro-code, etc.) or combining software and hardwareimplementation that may all generally be referred to herein as a“circuit,” “module,” “component,” or “system.” Furthermore, aspects ofthe present disclosure may take the form of a computer program productcomprising one or more computer readable media having computer readableprogram code embodied thereon.

Any combination of one or more computer readable media may be used. Thecomputer readable media may be a computer readable signal medium or acomputer readable storage medium. A computer readable storage medium maybe, for example, but not limited to, an electronic, magnetic, optical,electromagnetic, or semiconductor system, apparatus, or device, or anysuitable combination of the foregoing. More specific examples (anon-exhaustive list) of the computer readable storage medium wouldinclude the following: a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an appropriateoptical fiber with a repeater, a portable compact disc read-only memory(CD-ROM), an optical storage device, a magnetic storage device, or anysuitable combination of the foregoing. In the context of this document,a computer readable storage medium may be any tangible medium that cancontain, or store a program for use by or in connection with aninstruction execution system, apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device. Program codeembodied on a computer readable signal medium may be transmitted usingany appropriate medium, including but not limited to wireless, wireline,optical fiber cable, RF, etc., or any suitable combination of theforegoing.

Computer program code for carrying out operations for aspects of thepresent disclosure may be written in any combination of one or moreprogramming languages, including an object oriented programming languagesuch as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET,Python or the like, conventional procedural programming languages, suchas the “C” programming language, Visual Basic, Fortran 2003, Pen, COBOL2002, PHP, ABAP, dynamic programming languages such as Python, Ruby andGroovy, or other programming languages. The program code may executeentirely on the user's computer, partly on the user's computer, as astand-alone software package, partly on the user's computer and partlyon a remote computer or entirely on the remote computer or server. Inthe latter scenario, the remote computer may be connected to the user'scomputer through any type of network, including a local area network(LAN) or a wide area network (WAN), or the connection may be made to anexternal computer (for example, through the Internet using an InternetService Provider) or in a cloud computing environment or offered as aservice such as a Software as a Service (SaaS).

Aspects of the present disclosure are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of thedisclosure. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable instruction executionapparatus, create a mechanism for implementing the functions/actsspecified in the flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that when executed can direct a computer, otherprogrammable data processing apparatus, or other devices to function ina particular manner, such that the instructions when stored in thecomputer readable medium produce an article of manufacture includinginstructions which when executed, cause a computer to implement thefunction/act specified in the flowchart and/or block diagram block orblocks. The computer program instructions may also be loaded onto acomputer, other programmable instruction execution apparatus, or otherdevices to cause a series of operational steps to be performed on thecomputer, other programmable apparatuses or other devices to produce acomputer implemented process such that the instructions which execute onthe computer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks:

It is to be understood that the terminology used herein is for thepurpose of describing particular embodiments only and is not intended tobe limiting of the invention. Unless otherwise defined, all terms(including technical and scientific terms) used herein have the samemeaning as commonly understood by one of ordinary skill in the art towhich this disclosure belongs. It will be further understood that terms,such as those defined in commonly used dictionaries, should beinterpreted as having a meaning that is consistent with their meaning inthe context of this specification and the relevant art and will not beinterpreted in an idealized or overly formal sense expressly so definedherein.

The flowchart and block diagrams in the figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousaspects of the present disclosure. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

The terminology used herein is for the purpose of describing particularaspects only and is not intended to be limiting of the disclosure. Asused herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “comprising,” when used in this specification, specify thepresence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof. As used herein, the term “and/or”includes any and all combinations of one or more of the associatedlisted items. Like reference numbers signify like elements throughoutthe description of the figures.

The corresponding structures, materials, acts, and equivalents of anymeans or step plus function elements in the claims below are intended toinclude any disclosed structure, material, or act for performing thefunction in combination with other claimed elements as specificallyclaimed. The description of the present disclosure has been presentedfor purposes of illustration and description, but is not intended to beexhaustive or limited to the disclosure in the form disclosed. Manymodifications and variations will be apparent to those of ordinary skillin the art without departing from the scope and spirit of thedisclosure. The aspects of the disclosure herein were chosen anddescribed in order to best explain the principles of the disclosure andthe practical application, and to enable others of ordinary skill in theart to understand the disclosure with various modifications as aresuited to the particular use contemplated.

The invention claimed is:
 1. A method comprising: performing operationsas follows on a processor of a mobile payment transaction processingsystem: receiving a plurality of mobile payment messages from apoint-of-sale (POS) terminal operated by a merchant performing aplurality mobile payment transactions with a plurality of mobiledevices, each of the mobile payment messages containing transactioninformation for a particular mobile payment transaction of the pluralityof mobile payment transactions, a network address for the POS terminal,and a geographic location provided by a particular mobile device of theplurality of mobile devices associated with the particular mobilepayment transaction; comparing the plurality of geographic locationsprovided by the plurality of mobile devices contained in the pluralityof mobile payment messages to each other; generating a POS terminal riskscore based on the comparing of the plurality of geographic locations toeach other; receiving another mobile payment message from the POSterminal performing another mobile payment transaction with anothermobile device subsequent to the generating of the POS terminal riskscore; and controlling processing of the another mobile payment messageto selectively allow completion of the another mobile paymenttransaction based on the POS terminal risk score and transactioninformation contained in the another mobile payment message.
 2. Themethod of claim 1, further comprising: storing in a repository the POSterminal risk score logically associated with the network address forthe POS terminal; receiving the another mobile payment message from thePOS terminal; and retrieving the POS terminal risk score of the POSterminal from the repository based on the network address for the POSterminal contained in the another mobile payment message, wherein theprocessing of the another mobile payment message is controlled based onthe POS terminal risk score retrieved from the repository.
 3. The methodof claim 2, wherein: the another mobile payment message does not containa geographic location provided by the another mobile terminal; and theprocessing of the another mobile payment message is controlled based onthe POS terminal risk score retrieved from the repository and thetransaction information contained in the another mobile payment message.4. The method of claim 1, wherein the generating a POS terminal riskscore based on the comparing of the geographic locations provided by theplurality of mobile devices contained in the mobile payment messageswhich also contain the network address for the POS terminal, furthercomprises: generating the POS terminal risk score further based onfeedback from a credit issuer node indicating how many of the pluralityof mobile payment transactions corresponding to the plurality of mobilepayment messages were authorized.
 5. The method of claim 1, wherein thecontrolling processing of the another mobile payment message comprises:controlling, based on the POS terminal risk score, whether anauthentication node communicates an authentication challenge to apurchaser who is operating the another mobile terminal to perform theanother mobile payment transaction.
 6. The method of claim 5, whereinthe generating the POS terminal risk score based on the comparing of theplurality of geographic locations to each other, further comprises:generating the POS terminal risk score further based on feedback fromthe authentication node indicating how many of the plurality of mobilepayment messages had purchasers who provided to the authentication nodecorrect responses to the authentication challenges.
 7. The method ofclaim 5, wherein the controlling based on the POS terminal risk scorewhether an authentication node communicates an authentication challengeto a purchaser who is operating the another mobile terminal to performthe another mobile payment transaction, comprises: selectively routingthe another mobile payment message to the authentication node based onthe POS terminal risk score.
 8. The method of claim 1, wherein thegenerating a POS terminal risk score based on the comparing of theplurality of geographic locations to each other, comprises: generatingthe POS terminal risk score based on a number of the plurality of mobilepayment messages that contain the network address for the POS terminaland further contain geographic locations provided by the plurality ofmobile terminals that are within a threshold geographic proximity ofeach other.
 9. The method of claim 8, wherein: the generating the POSterminal risk score based on a number of the plurality of mobile paymentmessages that contain the network address for the POS terminal andfurther contain geographic locations provided by the plurality of mobileterminals that are within a threshold geographic proximity of eachother, comprises: generating the POS terminal risk score to indicate afirst risk level for the POS terminal based on determining that a pluralthreshold number of the plurality of mobile payment messages contain thenetwork address for the POS terminal and further contain geographiclocations provided by the plurality of mobile terminals that are withinthe threshold geographic proximity of each other; and generating the POSterminal risk score to indicate a second risk level for the POS terminalbased on determining that less than the plural threshold number of theplurality of mobile payment messages contain the network address for thePOS terminal and further contain geographic locations provided by theplurality of mobile terminals that are within the threshold geographicproximity of each other; and the controlling processing of anothermobile payment message based on the POS terminal risk score andtransaction information contained in the another mobile payment message,comprises: based on the second risk level being generated for the POSterminal, communicating the another mobile payment message to anauthentication node for authentication of a purchaser who is operatingthe another mobile terminal to perform the another mobile paymenttransaction; and based on the first risk level being generated for thePOS terminal, precluding communication of the another mobile paymentmessage to the authentication node to prevent authentication of thepurchaser who is operating the another mobile terminal to perform theanother mobile payment transaction.
 10. The method of claim 8, wherein:the network address comprises at least a portion of a routing path ofthe another mobile payment message from the POS terminal to theprocessor.
 11. The method of claim 8, wherein: each mobile paymentmessage of the plurality of mobile payment messages further contains amobile terminal identifier; and the generating the POS terminal riskscore based on a number of the plurality of mobile payment messages thatcontain the network address for the POS terminal and further containgeographic locations provided by the plurality of mobile terminals thatare within a threshold geographic proximity of each other, furthercomprises: generating the POS terminal risk score based on how many ofthe plurality of mobile payment messages contain mobile terminalidentifiers that are different from each other.
 12. The method of claim11, wherein the generating the POS terminal risk score based on how manyof the plurality of mobile payment messages contain mobile terminalidentifiers that are different from each other, comprises: generatingthe POS terminal risk score to indicate a lower level of risk for thePOS terminal based determining that the number of the plurality ofmobile payment messages containing mobile terminal identifiers that aredifferent from each other exceeds a defined threshold number.
 13. Acomputer node of a mobile payment transaction processing systemcomprising: a processor; and a memory coupled to the processor andcomprising computer readable program code that when executed by theprocessor causes the processor to perform operations comprising:receiving a plurality of mobile payment messages from a point-of-sale(POS) terminal operated by a merchant performing a plurality mobilepayment transactions with a plurality of mobile devices, each of themobile payment messages containing transaction information for aparticular mobile payment transaction of the plurality of mobile paymenttransactions, a network address for the POS terminal, and a geographiclocation provided by a particular mobile device of the plurality ofmobile devices associated with the particular mobile paymenttransaction; comparing the plurality of geographic locations provided bythe plurality of mobile devices contained in the plurality of mobilepayment messages to each other; generating a POS terminal risk scorebased on the comparing of the plurality of geographic locations to eachother; receiving another mobile payment message from the POS terminalperforming another mobile payment transaction with another mobile devicesubsequent to the generating of the POS terminal risk score; andcontrolling processing of the another mobile payment message toselectively allow completion of the another mobile payment transactionbased on the POS terminal risk score and transaction informationcontained in the another mobile payment message.
 14. The computer nodeof claim 13, wherein the operations further comprise: storing in arepository the POS terminal risk score logically associated with thenetwork address for the POS terminal; receiving the another mobilepayment message from the POS terminal; and retrieving the POS terminalrisk score of the POS terminal from the repository based on the networkaddress for the POS terminal contained in the another mobile paymentmessage, wherein the processing of the another mobile payment message iscontrolled based on the POS terminal risk score retrieved from therepository.
 15. The computer node of claim 13, wherein the generating aPOS terminal risk score based on the comparing of the plurality ofgeographic locations to each other, further comprises, generating thePOS terminal risk score further based on feedback from a credit issuernode indicating how many of the plurality of mobile payment transactionscorresponding to the plurality of mobile payment messages wereauthorized; wherein the controlling processing of another mobile paymentmessage based on the POS terminal risk score and transaction informationcontained in the another mobile payment message, comprises: generating atransaction risk score based on content of the transaction informationcomprising an amount of the another mobile payment transaction andinformation which is used to identify a financial account to be chargedfor the transaction; and controlling authorization of the another mobilepayment transaction based on the POS terminal risk score and thetransaction risk score.
 16. The method of claim 1, wherein controllingprocessing of the another mobile payment message to selectively allowcompletion of the another mobile payment transaction further comprisescommunicating an authorization message to the POS terminal thatindicates whether completion of the another mobile payment transactionis allowed.
 17. The computer node of claim 13, wherein controllingprocessing of the another mobile payment message to selectively allowcompletion of the another mobile payment transaction further comprisescommunicating an authorization message to the POS terminal thatindicates whether completion of the another mobile payment transactionis allowed.